EveryDNS Under Botnet DDoS Attack

mellow marsh writes "EveryDNS, sister company to OpenDNS (which runs the PhishTank anti-phishing initiative), has been hit by a massive distributed denial-of-service attack. The attack started sometime Friday afternoon and, from all indications, was targeting Web sites that used free DNS management services provided by EveryDNS. At the height of the DDoS bombardment, EveryDNS was being hit with more than 400mbps of traffic at each of its four locations around the world. From the article: '"We were collateral damage," Ulevitch explained... Because law enforcement is involved, Ulevitch was hesitant to release details of the actual target but there are signs that some of the targets were "nefarious domains" that have since been terminated.'" OpenDNS, which makes use of EveryDNS services, was affected for a time, until they spread their authoritative DNS more broadly. The EveryDNS site is now reporting that the attack is continuing but has been mitigated and is not affecting operations.

Real ripple effects, even from this small event.

[ScentCone]

A client (a pretty large retail chain) was using EveryDNS for forward lookups to the mail server's A record. Mail they were sending out started to bounce because receiving mail servers weren't happy when trying to validate the sending box. In once case, a vital piece of mail sent to a state taxing authority couldn't get through on a month-end calendar deadline, causing much grief. Yes, alternate communcations channels are always an option, but it wasn't immediately clear why the two mail servers in question appeared to be hating each other.

Worse, the state government box's spam filtering appliance blacklisted the retailer's server, and a third party admin had to get involved to free things up. Quite a mess.

But the real lesson? People who say that a "cyber attack" couldn't really hurt the economy are wrong, wrong, wrong. This stuff can be really disruptive, and this was a pissant little scaled-down example. No major damage, but a lot of thrashing around, untold manhours of lost productivity, and (in the case of the anecdote in question, involving just one retail company), probably some tax fines which will require much tail chasing to get waived once the the story is clearly told, assuming the state government in question is feeling sporting about it.

"nefarious domain" is a loaded and subjective term

[plasmacutter]

What is "nefarious"?

to some.. the pirate bay and allofmp3 are "nefarious domains"..

to others "www.f**Ktimewarner.com" and "walmartsucks.com" are "nefarious domains"

and to others "www.wikipedia.org" and "www.aclu.org" are "nefarious domains".

I have a lot of trouble with the idea that DDOS attacks were being carried out in (apparently successful) attempts to wipe domains off the face of the earth..

this implies the attackers had no legal standing to take those domains offline.. then they call them "nefarious" after the fact.